0xeleven / attacking-and-exploiting-modern-web-applications

This project forked from packtpublishing/attacking-and-exploiting-modern-web-applications


Attacking and Exploiting Modern Web Applications, published by Packt

License: MIT License

Shell 0.64% Python 66.22% C 0.77% PHP 11.57% Makefile 0.49% HTML 3.97% CMake 0.09% Dockerfile 0.47% Solidity 15.77%


Attacking and Exploiting Modern Web Applications

This is the code repository for Attacking and Exploiting Modern Web Applications, published by Packt.

Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

What is this book about?

Attacking and Exploiting Modern Web Applications will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and the associated methodologies, and equips you with the knowledge and skills needed to effectively combat web attacks.

This book covers the following exciting features:

  • Understand the mindset, methodologies, and toolset needed to carry out web attacks
  • Discover how SAML and SSO work and study their vulnerabilities
  • Get to grips with WordPress and learn how to exploit SQL injection
  • Find out how IoT devices work and exploit command injection
  • Familiarize yourself with Electron JavaScript-based applications and transform an XSS to an RCE
  • Discover how to audit Solidity’s Ethereum smart contracts
  • Get the hang of decompiling, debugging, and instrumenting web applications

If you feel this book is for you, get your copy today!

https://www.packtpub.com/

Instructions and Navigations

All of the code is organized into folders. For example, Chapter02.

The code will look like the following:

// WordPress core helper (wp-includes/formatting.php): escapes a value, or an array
// of values, for use inside an SQL query via the global $wpdb object.
function esc_sql( $data ) {
    global $wpdb;
    return $wpdb->_escape( $data );
}

Following is what you need for this book: this book is for anyone whose job role involves ensuring their organization's security: penetration testers and red teamers who want to deepen their knowledge of the current security challenges for web applications; developers and DevOps professionals who want to get into the mindset of an attacker; and security managers and CISOs looking to truly understand the impact and risk of web, IoT, and smart contract vulnerabilities. Basic knowledge of web technologies and the related protocols is a must.

With the following software and hardware list you can run all code files present in the book (Chapters 1-8).

Software and Hardware List

Chapter   Software required   OS required
1-8       Burp                The host system can be Windows, macOS, or
1-8       Python              Windows, Mac OS X, and Linux (Any)
1-8       Bash                Windows, Mac OS X, and Linux (Any)

Errata

  • Page 30 (paragraph 1, line 1): "t is possible for us..." should be "It is possible for us..."
  • Page 9 (paragraph 4, line 2): "it’s an opn source..." should be "it’s an open source..."
  • Page 6 (paragraph 8, line 2): "..when to read the version.." should be "..where to read the version.."

Related products

Get to Know the Author

Simone Onofri is a cybersecurity director with over two decades of experience in Red and Blue Teaming, vulnerability research, and product management. He has been an instructor at the Joint Intelligence and EW Training Centre and is associated with global companies such as Hewlett Packard Enterprise. Simone has discovered various vulnerabilities and holds key certifications such as GXPN, GREM, GWAPT, OSCP, and OPSA. An active participant in organizations such as OWASP and ISECOM, he regularly speaks at major conferences, including TEDx. Simone is committed to inspiring and educating industry professionals and enthusiasts through his work, with a mission to create a positive influence.

Donato Onofri is a seasoned Red Team engineer. He has over a decade of experience in activities including reverse engineering, Red Teaming, threat research, and penetration testing. Passionate about both the offensive and defensive sides of cybersecurity, Donato has worked with industry leaders such as CrowdStrike and Hewlett-Packard Enterprise and as an advisor and engineer for governments and financial institutions. His research delves into state-of-the-art security techniques, malware analysis, and internals. He holds the GREM, GXPN, OSCP, OSCE, and OSWE certifications, and his expertise is underscored by multiple recognitions for vulnerability discovery.
